IN THE CLAIMS:



Claim 1. (previously amended) A system comprising:

a plurality of certificate authorities (CAs) in which each CA
maintains and distributes digital certificates revoked by itself in the
form of a certificate revocation list (CRL), and different CAs may use
different CRL distribution mechanisms;

a plurality of CRL databases for storing the consolidated CRLs
from multiple CRL retrieval agents and/or the replications of CRLs, the
CRL databases storing at least one individually identifiable revoked
digital certificate; and

a CRL access user interface for providing a uniform set of APIs
for users accessing the CRLs in the CRL database, said system enabling
consolidation and access of the certificate revocation lists (CRLs)
from the plurality of certificate authorities (CAs).

Claim 2. (original) A system according to claim 1, wherein
said plurality of CRL databases include a central CRL database and a
plurality of CRL replication databases, said central CRL database for
storing the consolidated CRLs from the multiple CRL retrieval agents,
and said plurality of CRL replication databases for storing the
replications of the CRLs of the central CRL database.

Claim 3. (original) A system according to claim 1, wherein
said plurality of CRL retrieval agents include a LDAP/CRL retrieval
agent, for periodically retrieving CRLs from specified LDAP servers
and updating the CRL databases.

Claim 4. (original) A system according to claim 1, wherein
said plurality of CRL retrieval agents include a HTTP/CRL retrieval
agent, for periodically retrieving CRLs from specified HTTP servers
and updating the CRL database.

Claim 5. (original) A system according to claim 1, wherein
said plurality of CRL retrieval agents include a RFC1424/CRL
retrieval agents, for periodically sending RFC1424/CRL retrieval
request and receiving CRL retrieval reply.

Claim 6. (original) A system according to claim 1, wherein
said plurality of CRL retrieval agents include a Http retrieval agent
triggered by a HTTP request, said Http receiver agent verifies an
authorization of the requester, if successful, said agent stores each
transmitted CRL in the CRL databases.

Claim 7. (original) A system according to claim 1, wherein
said plurality of CRL retrieval agents further verifies the integrity
and the authenticity of the retrieved CRLs.

Claim 8. (original) A system according to claim 1, wherein a
particular replication architecture is used among said plurality of
CRL databases in order to maintain database consistency.

Claim 9. (previously amended) A system according to claim 2,
wherein a hub-and-spoke replication architecture is used among said
central CRL database and said plurality of CRL replication databases.

Claim 10. (original) A system according to claim 1, wherein
said system is also adapted for consolidating and accessing at least
one kind of black list.

Claim 11. (previously amended) In a secure network
implemented by digital certificates, a method for certificate
revocation list (CRL) consolidation and access, wherein a plurality
of certificate authorities (CAs) maintain and distribute the digital
certificates revoked by themselves in the form of CRLs, and different
CAs may use different CRL distribution mechanisms, said method
comprising the steps of:

creating a plurality of CRL retrieval agents based on the CRL
distribution mechanisms of CAs, for consolidating the CRLs from
multiple CAs;

storing the consolidated CRLs from multiple CRL retrieval
agents or the replications of CRLs into a plurality of CRL databases,
the consolidated CRLs including at least one individually
identifiable revoked digital certificate; and

accessing the CRLs from the CRL databases by a uniform set of
APIs.

Claim 12. (original) A method according to claim 11, said
plurality of CRL databases include a central CRL database and a
plurality of CRL replication database, said central CRL database for
storing the consolidated CRLs from multiple CRL retrieval agents and
said plurality of CRL replication database for storing the
replications of the CRLs of the central database.

Claim 13. (original) A method according to claim 11, wherein
said method is also adapted for consolidation and accessing all kinds
of black lists.

Claim 14. (previously amended) An article of manufacture
comprising a computer usable medium having computer readable program
code means embodied therein for causing certificate revocation list
(CRL) consolidation and access, the computer readable program code
means in said article of manufacture comprising computer readable
program code means for causing a computer to effect the steps of
claim 11.

Claim 15. (original) A computer program product comprising a
computer usable medium having computer readable program code means
embodied therein for causing certificate revocation list (CRL)
consolidation and access, the computer readable program code means in
said computer program product comprising computer readable program
code means for causing a computer to effect the steps of claim 11.

Claim 17. (original) A program storage device readable by
machine, tangibly embodying a program of instructions executable by
the machine to perform method steps for certificate revocation list
(CRL) consolidation and access, said method steps comprising the
steps of claim 11.

Claim 18. (previously amended) A method comprising:
employing a secure network implemented by digital certificates
for certificate revocation list (CRL) consolidation and access, with
a plurality of certificate authorities (CAs) maintaining and
distributing the digital certificates revoked by themselves in the
form of CRLs, wherein different CAs may use different CRL
distribution mechanisms, including the steps of:

creating a plurality of CRL retrieval agents based on the CRL
distribution mechanisms of CAs, for consolidating the CRLs from
multiple CAs;

storing the consolidated CRLs from multiple CRL retrieval
agents or the replications of CRLs into a plurality of CRL databases,
the consolidated CRLs including at least one individually
identifiable revoked digital certificate; and

accessing the CRLs from the CRL databases by a uniform set of
APIs.

Claim 19. (original) A program storage device readable by
machine, tangibly embodying a program of instructions executable by
the machine to perform method steps for certificate revocation list
(CRL) consolidation and access, said method steps comprising the
steps of claim 18.

Claim 20. (original) An article of manufacture comprising a
computer usable medium having computer readable program code means
embodied therein for causing certificate revocation list (CRL)
consolidation and access, the computer readable program code means in
said article of manufacture comprising computer readable program code
means for causing a computer to effect the steps of claim 18.

Claim 21. (original) A computer program product comprising a
computer usable medium having computer readable program code means
embodied therein for causing certificate revocation list (CRL)
consolidation and access, the computer readable program code means in
said computer program product comprising computer readable program
code means for causing a computer to effect the steps of claim 18.



